4 matches found
CVE-2023-5820
The CVE-2023-5820 entry concerns the WordPress plugin Thumbnail Slider With Lightbox (version 1.0 and earlier). It describes a Cross-Site Request Forgery flaw caused by missing or incorrect nonce validation on the addedit action, enabling unauthenticated attackers to trick an admin into uploading...
CVE-2023-5621
CVE-2023-5621: The WordPress plugin Thumbnail Slider With Lightbox (versions ≤ 1.0) is vulnerable to a stored XSS via the Image Title field. The issue requires administrator-level access and affects multisite setups or sites with unfiltered_html disabled. The root cause is insufficient input san...
CVE-2023-5531
CVE-2023-5531 affects the WordPress plugin “Thumbnail Slider With Lightbox.” Wordfence reports CSRF via missing nonce validation on the delete functionality, enabling unauthenticated attackers to delete image lightboxes if a site admin is tricked. Affected versions are up to 1.0; remediation via ...
CVE-2015-10146
CVE-2015-10146 affects the WordPress plugin Thumbnail Slider With Lightbox (plugin slug: wp-responsive-slider-with-lightbox). All versions up to and including 1.0.4 are vulnerable to SQL injection via the id parameter due to insufficient escaping and improper query construction. Exploitation requ...